
Generic nonce endpoint

Open OR13 opened this issue 1 year ago • 2 comments

There was discussion of the nonce endpoint here: https://github.com/openid/OpenID4VCI/pull/381/files#r1752363400

Coauthors and I worked on a draft presented to the IETF OAuth WG on making a generic building block for this:

https://github.com/peppelinux/draft-demarco-oauth-nonce-endpoint

RATS, and protocols not part of OpenID4VCI, could benefit from an aligned approach.

If there is a chance to pull out enough of this API into a generic document that other systems could build on... that is worth exploring.

OR13 avatar Sep 19 '24 15:09 OR13

There is also https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/ which is worth considering.

The Concealed HTTP authentication scheme allows a client to authenticate to an origin server while guaranteeing freshness and without the need for the server to transmit a nonce to the client.

OR13 avatar Sep 19 '24 15:09 OR13

> There is also https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/ which is worth considering.
>
> The Concealed HTTP authentication scheme allows a client to authenticate to an origin server while guaranteeing freshness and without the need for the server to transmit a nonce to the client.

A TLS keying material exporter is pretty much just a nonce from a different layer.

bc-pi avatar Sep 19 '24 18:09 bc-pi
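The thread above talks about a server-issued nonce as a generic freshness building block. The following is an added, constructed example (not code from the OpenID4VCI project, the draft-demarco-oauth-nonce-endpoint draft, or either commenter) of what such an endpoint has to get right regardless of which protocol consumes it: the nonce must be unforgeable by clients, bounded in lifetime, and accepted at most once. The wire layout (`timestamp || random || HMAC tag`), the field sizes, the TTL, and the `NonceEndpoint` class name are all assumptions made for this illustration, not the draft's format.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

# Assumed sizes for this example only (not the draft's wire format).
NONCE_TTL_SECONDS = 300   # how long an issued nonce stays acceptable
RANDOM_BYTES = 16         # unpredictability; also makes each nonce unique
TAG_BYTES = 16            # truncated HMAC-SHA256 over timestamp || random
CLOCK_SKEW_SECONDS = 5    # tolerate a nonce that looks slightly "from the future"


def _b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class NonceEndpoint:
    """Stateless issuance (the nonce carries its own issue time and MAC),
    stateful single-use enforcement (a small table of consumed nonces)."""

    def __init__(self, server_key: bytes, ttl: int = NONCE_TTL_SECONDS, clock=time.time):
        self._key = server_key          # kept server-side; clients never see it
        self._ttl = ttl
        self._clock = clock             # injectable so expiry can be tested offline
        self._consumed: dict[str, int] = {}  # nonce -> issue time, pruned on use

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).digest()[:TAG_BYTES]

    def issue(self) -> str:
        """Hand out a fresh nonce; nothing needs to be stored at this point."""
        body = struct.pack(">Q", int(self._clock())) + os.urandom(RANDOM_BYTES)
        return _b64u(body + self._tag(body))

    def verify_and_consume(self, nonce: str) -> tuple[bool, str]:
        """Accept a nonce exactly once, within its lifetime, only if we issued it."""
        try:
            raw = _unb64u(nonce)
        except ValueError:
            return False, "malformed"
        if len(raw) != 8 + RANDOM_BYTES + TAG_BYTES:
            return False, "malformed"
        body, tag = raw[:-TAG_BYTES], raw[-TAG_BYTES:]
        # Constant-time comparison: a client must not be able to mint nonces.
        if not hmac.compare_digest(tag, self._tag(body)):
            return False, "bad tag"
        issued = struct.unpack(">Q", body[:8])[0]
        now = int(self._clock())
        # Expiry is checked before the replay table, so the table only ever
        # needs to remember nonces that are still inside the TTL window.
        self._consumed = {n: t for n, t in self._consumed.items() if now - t <= self._ttl}
        if now - issued > self._ttl or issued > now + CLOCK_SKEW_SECONDS:
            return False, "expired"
        if nonce in self._consumed:
            return False, "replayed"
        self._consumed[nonce] = issued
        return True, "ok"


def demo() -> dict[str, tuple[bool, str]]:
    """Walk through the four outcomes with a controllable clock (constructed data)."""
    now = [1_700_000_000.0]
    server = NonceEndpoint(b"constructed-server-secret", clock=lambda: now[0])
    other = NonceEndpoint(b"some-other-key", clock=lambda: now[0])
    results = {}
    fresh = server.issue()
    results["first_use"] = server.verify_and_consume(fresh)
    results["replay"] = server.verify_and_consume(fresh)
    stale = server.issue()
    now[0] += NONCE_TTL_SECONDS + 1
    results["expired"] = server.verify_and_consume(stale)
    results["forged"] = server.verify_and_consume(other.issue())
    results["garbage"] = server.verify_and_consume("not-a-nonce")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} -> {outcome}")
```

The split between stateless issuance and stateful consumption is the design point worth noticing: because the MAC and timestamp travel inside the nonce, the issuing side needs no storage and can be scaled or moved behind a load balancer freely, while the replay table only has to cover the TTL window. bc-pi's remark about a TLS keying material exporter fits the same shape: an exporter value is also unpredictable, bound to one session, and therefore usable once, it just arrives from the transport layer instead of an HTTP endpoint.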